CISM Certified Information Security Manager
- Virgil Jefferson
- 6 years ago
1 CISM Certified Information Security Manager Firebrand Custom Designed Courseware
2 Logistics Start Time Breaks End Time Fire escapes Instructor Introductions
3 Introduction to Information Security Management
4 Course Mission Educational Value Both theoretical and practical Up-to-date Relevant
5 CISM Certified Information Security Manager Designed for personnel that have (or want to have) responsibility for managing an Information Security program Tough but very good quality examination Requires understanding of the concepts behind a security program not just the definitions
6 CISM Exam Review Course Overview The CISM Exam is based on the CISM job practice. The ISACA CISM Certification Committee oversees the development of the exam and ensures the currency of its content. There are four content areas that the CISM candidate is expected to know.
7 Job Practice Areas
8 Domain Structure (diagram) The four domains and the labelled relationships between them: Information Security Governance; Information Risk Management and Compliance; Information Security Program Development and Management; Information Security Incident Management. Relationship labels in the diagram: Reports To, Mandates, Deploys, Influences, Requires.
9 CISM Qualifications To earn the CISM designation, information security professionals are required to: Successfully pass the CISM exam Adhere to the ISACA Code of Professional Ethics Agree to comply with the CISM continuing education policy Submit verified evidence of five (5) years of work experience in the field of information security.
10 The Examination The exam consists of 200 multiple choice questions that cover the CISM job practice areas. Four hours are allotted for completing the exam. See the Job Practice Areas, including Task Statements and Knowledge Statements, listed on the ISACA website.
11 Examination Day Be on time!! The doors are locked when the instructions start, approximately 30 minutes before the examination start time. Bring the admission ticket (sent out by ISACA prior to the examination) and an acceptable form of original photo identification (passport, photo ID or driver's license).
12 Completing the Examination Items Bring several #2 pencils and an eraser Read each question carefully Read ALL answers prior to selecting the BEST answer Mark the appropriate answer on the test answer sheet. When correcting an answer be sure to thoroughly erase the wrong answer before filling in a new one. There is no penalty for guessing. Answer every question.
13 Grading the Exam Candidate scores are reported as a scaled score based on the conversion of a candidate's raw score on an exam to a common scale. ISACA uses and reports scores on a common scale from 200 to 800. A candidate must receive a score of 450 or higher to pass. Exam results will be mailed (and e-mailed) out approximately 6-8 weeks after the exam date. Good Luck!
14 End of Introduction Welcome to the CISM course!!
15 2016 CISM Review Course Chapter 1 Information Security Governance
16 Information Security Management The responsible protection of the information assets of the organization Supporting Security Governance and risk management Adoption of a security framework and standards ISACA CISM Review Manual Page 14-16
17 Governance Governance ensures that stakeholders' needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; sets direction through prioritization and decision-making; and monitors performance and compliance against agreed-on directions and objectives. ISACA CISM Review Manual Page 14
18 Examination Content The CISM Candidate understands: Effective security governance framework Building and deploying a security strategy aligned with organizational goals Manage risk appropriately Responsible management of program resources The content area in this chapter will represent approximately 24% of the CISM examination (approximately 48 questions). ISACA CISM Review Manual Page 14
19 Learning Objectives Align the organization's information security strategy with business goals and objectives Obtain senior management commitment Provide support for: Governance Business cases to justify security Compliance with legal and regulatory mandates ISACA CISM Review Manual Page 14
20 Learning Objectives cont. Provide support for: Organizational priorities and strategy Identify drivers affecting the organization Define roles and responsibilities Establish metrics to report on effectiveness of the security strategy ISACA CISM Review Manual Page 14
21 CISM Priorities The CISM must understand: Requirements for effective information security governance Elements and actions required to: Develop an information security strategy Plan of action to implement it ISACA CISM Review Manual Page 14
22 Information Security Governance Information is indispensable to conduct business effectively today Information must: Be available Have integrity (of both data and process) Be kept confidential as needed Protection of information is a responsibility of the Board of Directors ISACA CISM Review Manual Page 31
23 Information Security Information Protection includes: Accountability Oversight Prioritization Risk Management Compliance (Regulations and Legislation) ISACA CISM Review Manual Page 31
24 Information Security Governance Overview Information security is much more than just IT security (more than technology) Information must be protected at all levels of the organization and in all forms Information security is a responsibility of everyone In all forms paper, fax, audio, video, microfiche, networks, storage media, computer systems ISACA CISM Review Manual Page 31
25 Security Program Priorities Achieve high standards of corporate governance Treat information security as a critical business issue Create a security positive environment Have declared responsibilities
26 Security versus Business Security must be aligned with business needs and direction Security is woven into the business functions Provides Strength Resilience Protection Stability Consistency
27 Security Program Objectives Ensure the availability of systems and data: allow access to the correct people in a timely manner Protect the integrity of data and business processes: ensure no improper modifications Protect the confidentiality of information: prevent unauthorized disclosure of information (e.g., privacy, trade secrets)
28 Selling the Importance of Information Security Benefits of effective information security governance include: Improved trust in customer relationships Protecting the organization's reputation Better accountability for safeguarding information during critical business activities Reduction in loss through better incident handling and disaster recovery ISACA CISM Review Manual Page 31
29 The First Priority for the CISM Remember that information security is a business-driven activity. Security is here to support the interests and needs of the organization, not just the desires of the security function. Security is always a balance between cost and benefit, and between security and productivity. ISACA CISM Review Manual Page 31
30 Corporate Governance
31 Business Goals and Objectives Corporate governance is the set of responsibilities and practices exercised by the board and executive management. Goals include: Providing strategic direction Reaching security and business objectives Ensuring that risks are managed appropriately Verifying that the enterprise's resources are used responsibly ISACA CISM Review Manual Page 32
32 Outcomes of Information Security Governance The six basic outcomes of effective security governance: Strategic alignment Risk management Value delivery Resource optimization Performance measurement Integration ISACA CISM Review Manual Page 32
33 Benefits of Information Security Governance Effective information security governance can offer many benefits to an organization, including: Compliance and protection from litigation or penalties Cost savings through better risk management Avoid risk of lost opportunities Better oversight of systems and business operations Opportunity to leverage new technologies to business advantage ISACA CISM Review Manual Page 32
34 Performance and Governance Governance is only possible when metrics are in place to measure, monitor and report on whether critical organizational objectives are achieved. Enterprise-wide measurements should be developed. ISACA CISM Review Manual Page 33
35 Governance Roles and Responsibilities Board of Directors/Senior Management Effective security requires senior management support Steering Committee Ensure continued alignment between IT and business objectives CISO Chief Information Security Officer Ensures security is addressed at a senior management level ISACA CISM Review Manual Page 35, 36
36 Governance Roles and Responsibilities cont. System Owners Responsible for ensuring that adequate protection is in place to protect systems and the data they process Information Owners Responsible for the protection of data regardless of where it resides or is processed ISACA CISM Review Manual Page 37
37 Gaining Management Support Formal presentation From a business perspective Align security with the business Identify risk and consequences Describe audit and reporting procedures ISACA CISM Review Manual Page 38
38 Communication Channels Track the status of the security program Share security awareness and knowledge of risk Communicate policies and procedures Deliver to all staff at appropriate level of detail ISACA CISM Review Manual Page 38
39 GRC The combination of overlapping activities into a single business process to recognize the importance to senior management of information security and assurance Governance Risk Compliance ISACA CISM Review Manual Page 40
40 BMIS The Business Model for Information Security is one approach to show the interrelationship between several elements of a robust security management program: Organization Design and Strategy People Process Technology ISACA CISM Review Manual Page 41
41 BMIS The interaction of these processes is important to provide coordination between the dynamic elements of security: Governance Culture Enablement and Support Emergence Human Factors Architecture ISACA CISM Review Manual Page 42
42 Governance of Third-Party Relationships As organizations move more towards the use of third parties for support (e.g., the Cloud), the need to govern and manage these relationships is of increasing importance. Service providers Outsourced operations Trading partners Merged or acquired organizations ISACA CISM Review Manual Page 43
43 Information Security Metrics A framework that cannot be measured, cannot be trusted. The security program must be accountable for its budget, deliverables and strategy. Meaningful Accurate Cost-effective Repeatable Predictive Actionable Genuine ISACA CISM Review Manual Page 44
44 KPIs and KGIs Indicate attainment of service goals, organizational objectives and milestones: Key Performance Indicators (KPIs) Key Goal Indicators (KGIs) Key Risk Indicators (KRIs) ISACA CISM Review Manual Page 46
45 Security Integration Security needs to be integrated INTO the business processes The goal is to reduce security gaps through organizational-wide security programs Integrate IT with: Physical security Risk Management Privacy and Compliance Business Continuity Management ISACA CISM Review Manual Page 46
46 Areas to Measure (Metrics) Risk Management Value Delivery Resource Management Performance Measurement Incident reporting Benchmarking ISACA CISM Review Manual Page 47
47 Developing Information Security Strategy Information Security Strategy Long term perspective Standard across the organization Aligned with business strategy / direction Understands the culture of the organization Reflects business priorities ISACA CISM Review Manual Page 49
48 The Desired State of Security The desired state of security must be defined in terms of attributes, characteristics and outcomes It should be clear to all stakeholders what the intended security state is ISACA CISM Review Manual Page 53
49 The Desired State cont. One definition of the desired state: Protecting the interests of those relying on information, and the processes, systems and communications that handle, store and deliver the information, from harm resulting from failures of availability, confidentiality and integrity Focuses on IT-related processes from IT governance, management and control perspectives ISACA CISM Review Manual Page 53
50 Elements of a Strategy A security strategy needs to include: Resources needed Constraints A road map Includes people, processes, technologies and other resources A security architecture: defining business drivers, resource relationships and process flows Achieving the desired state is a long-term goal of a series of projects ISACA CISM Review Manual Page 53
51 Business Linkages Business linkages Start with understanding the specific objectives of a particular line of business Take into consideration all information flows and processes that are critical to ensuring continued operations Enable security to be aligned with and support business at strategic, tactical and operational levels ISACA CISM Review Manual Page 53
52 Objectives of Security Strategy The objectives of an information security strategy must: Be defined Be supported by metrics (measurable), e.g. via the Capability Maturity Model (CMM) Provide guidance ISACA CISM Review Manual Page 55
53 Balanced Scorecard (BSC) See next slide for diagram Ensures that multiple perspectives are considered when developing a security strategy Seeks balance between competing interests ISACA CISM Review Manual Page 55
54 Balanced Scorecard (BSC) (diagram) Perspectives shown: Financial, Customer, Information, Learning, Process. ISACA CISM Review Manual Page 55
55 The Maturity of the Security Program Using CMM
0: Nonexistent - No recognition by the organization of the need for security
1: Ad hoc - Risks are considered on an ad hoc basis; no formal processes
2: Repeatable but intuitive - Emerging understanding of risk and the need for security
3: Defined process - Company-wide risk management policy and security awareness
4: Managed and measurable - Risk assessment is a standard procedure; roles and responsibilities assigned; policies and standards in place
5: Optimized - Organization-wide processes implemented, monitored and managed
ISACA CISM Review Manual Page 55
56 The ISO 27001:2013 Framework The goal of ISO/IEC 27001:2013 is to establish, implement, maintain and continually improve an information security management system (ISMS). Its Annex A contains 14 control clauses, 35 control objectives and 114 controls. ISACA CISM Review Manual Page 56
57 Risk Management The basis for most security programs is Risk Management: Risk identification Risk Mitigation Ongoing Risk Monitoring and evaluation The CISM must remember that risk is measured according to potential impact on the ability of the business to meet its mission not just on the impact on IT. ISACA CISM Review Manual Page 56
58 Examples of Other Security Frameworks SABSA (Sherwood Applied Business Security Architecture) COBIT COSO Business Model for Information Security (BMIS), which originated at the Institute for Critical Information Infrastructure Protection ISACA CISM Review Manual Pages 49 and 61
59 Examples of Other Security Frameworks ISO standards on quality (ISO 9001:2000) Six Sigma Publications from NIST and ISF US Federal Information Security Management Act (FISMA) ISACA CISM Review Manual Page 56
60 Constraints and Considerations for a Security Program Constraints:
Legal: laws and regulatory requirements
Physical: capacity, space, environmental constraints
Ethics: appropriate, reasonable and customary
Culture: both inside and outside the organization
Costs: time, money
Personnel: resistance to change, resentment against new constraints
ISACA CISM Review Manual Page 59
61 Constraints and Considerations for a Security Program cont. Constraints:
Organizational structure: how decisions are made and by whom, turf protection
Resources: capital, technology, people
Capabilities: knowledge, training, skills, expertise
Time: window of opportunity, mandated compliance
Risk tolerance: threats, vulnerabilities, impacts
ISACA CISM Review Manual Page 59
62 Security Program Starts with theory and concepts Policy Interpreted through: Procedures Baselines Standards Measured through audit ISACA CISM Review Manual Page 60
63 Architecture Information security architecture is similar to physical architecture: Requirements definition Design / modeling Creation of detailed blueprints Development, deployment Architecture is planning and design to meet the needs of the stakeholders Security architecture is one of the greatest needs for most organizations ISACA CISM Review Manual Page 60
64 Using an Information Security Framework Effective information security is provided through adoption of a security framework Defines information security objectives Aligns with business objectives Provides metrics to measure compliance and trends Standardizes baseline security activities enterprise-wide ISACA CISM Review Manual Page 62
65 The Goal of Information Security The goal of information security is to protect the organization's assets, individuals and mission This requires: Asset identification Classification of data and systems according to criticality and sensitivity Application of appropriate controls ISACA CISM Review Manual Page 62
66 Controls Non-IT controls (labeling, handling requirements) Countermeasures: reduce a vulnerability (reduce the likelihood or impact of an incident) Layered defense ISACA CISM Review Manual Page 63
67 Elements of Risk and Security The next few slides list many factors that go into a Security program. ISACA CISM Review Manual Page 64
68 Information Security Concepts Access Architecture Attacks Auditability Authentication Authorization Availability Business dependency analysis Business impact analysis Confidentiality Countermeasures Criticality Data classification Exposures Gap analysis Governance ISACA CISM Review Manual Page 64-69
69 Information Security Concepts cont. Identification Impact Integrity Layered security Management Nonrepudiation Risk / Residual risk Security metrics Sensitivity Standards Strategy Threats Vulnerabilities Enterprise architecture Security domains Trust models ISACA CISM Review Manual Page 64-69
70 Security Program Elements Policies Standards Procedures Guidelines Controls physical, technical, procedural Technologies Personnel security Organizational structure Skills ISACA CISM Review Manual Page 64-69
71 Security Program Elements cont. Training Awareness and education Compliance enforcement Outsourced security providers Other organizational support and assurance providers Facilities Environmental security ISACA CISM Review Manual Page 64-69
72 Centralized versus Decentralized Security Which is better? Consistency versus flexibility Central control versus Local ownership Procedural versus responsive Core skills versus distributed skills Visibility to senior management versus visibility to users and local business units ISACA CISM Review Manual Page 65
73 Audit and Assurance of Security Objective review of security risk, controls and compliance Assurance regarding the effectiveness of security is a part of regular organizational reporting and monitoring ISACA CISM Review Manual Page 66
74 Ethical Standards Rules of behaviour Legal Corporate Industry Personal ISACA CISM Review Manual Page 68
75 Ethical Responsibility Responsibility to all stakeholders Customers Suppliers Management Owners Employees Community ISACA CISM Review Manual Page 68
76 Evaluating the Security Program Metrics are used to measure results Measure security concepts that are important to the business Use metrics that can be used for each reporting period Compare results and detect trends ISACA CISM Review Manual Page 71
77 Effective Security Metrics Set metrics that will indicate the health of the security program Incident management Degree of alignment between security and business development Was security consulted Were controls designed in the systems or added later ISACA CISM Review Manual Page 71
78 Effective Security Metrics cont. Choose metrics that can be controlled Measure items that can be influenced or managed by local managers / security Not external factors such as number of viruses released in the past year Have clear reporting guidelines Monitor on a regular scheduled basis ISACA CISM Review Manual Page 71
79 Key Performance Indicators (KPIs) Thresholds to measure Compliance / non-compliance Pass / fail Satisfactory / unsatisfactory results A KPI is set at a level that indicates action should / must be taken Alarm point ISACA CISM Review Manual Page 71
80 End to End Security Security must be enabled across the organization not just on a system by system basis Performance measures should ensure that security systems are integrated with each other Layered defenses ISACA CISM Review Manual Page 74
81 Correlation Tools The CISM may use Security Information and Event Management (SIEM; earlier product categories were labelled SIM and SEM) tools to aggregate event data from across the organization: Data analysis Trend detection Reporting tools Added value on exam but not in the ISACA book
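Slides 76-79 ask for metrics that are computed the same way every reporting period, compared across periods to detect trends, and tied to a KPI threshold that acts as an alarm point; slide 81 adds aggregation of event data from several sources. The following Python is an added worked example of those ideas and is not part of the Firebrand courseware or the ISACA Review Manual. The incident records are constructed for illustration, and the 8-hour containment SLA, the 12-hour mean-time-to-contain alarm and the 70% within-SLA alarm are assumed thresholds, not values from the page:

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Dict, List, Tuple

# Constructed sample incident records for illustration only (not real data):
# id, detecting source, detection time, containment time, severity.
# They span two reporting periods (2023-Q1 and 2023-Q2).
SAMPLE_INCIDENTS = """\
INC-001,edr,2023-01-04T09:15,2023-01-04T13:45,high
INC-002,siem,2023-01-19T22:00,2023-01-21T08:30,medium
INC-003,helpdesk,2023-02-10T10:00,2023-02-10T11:10,low
INC-004,edr,2023-03-02T16:20,2023-03-03T09:05,high
INC-005,siem,2023-04-11T03:40,2023-04-11T07:10,high
INC-006,edr,2023-05-08T14:00,2023-05-08T15:30,medium
INC-007,helpdesk,2023-05-30T09:00,2023-05-30T09:45,low
INC-008,siem,2023-06-21T18:10,2023-06-22T02:20,high
"""


@dataclass
class Incident:
    ident: str
    source: str
    detected: datetime
    contained: datetime
    severity: str

    @property
    def hours_to_contain(self) -> float:
        return (self.contained - self.detected).total_seconds() / 3600.0


def parse_incidents(text: str) -> List[Incident]:
    """Parse the comma-separated records above; one Incident per non-empty line."""
    incidents = []
    for line in text.strip().splitlines():
        ident, source, detected, contained, severity = line.split(",")
        incidents.append(Incident(ident, source,
                                  datetime.fromisoformat(detected),
                                  datetime.fromisoformat(contained),
                                  severity))
    return incidents


def period_of(moment: datetime) -> str:
    """Reporting period label (calendar quarter) so every period is measured the same way."""
    return f"{moment.year}-Q{(moment.month - 1) // 3 + 1}"


def period_metrics(incidents: List[Incident], sla_hours: float = 8.0) -> Dict[str, Dict[str, float]]:
    """Aggregate incidents from all sources into one set of per-period metrics."""
    by_period: Dict[str, List[Incident]] = {}
    for inc in incidents:
        by_period.setdefault(period_of(inc.detected), []).append(inc)
    metrics: Dict[str, Dict[str, float]] = {}
    for period, incs in sorted(by_period.items()):
        ttc = [i.hours_to_contain for i in incs]
        metrics[period] = {
            "count": len(incs),
            "mean_ttc_hours": round(mean(ttc), 2),
            "pct_within_sla": round(100.0 * sum(t <= sla_hours for t in ttc) / len(ttc), 1),
        }
    return metrics


def evaluate_kpi(value: float, threshold: float, higher_is_worse: bool = True) -> str:
    """A KPI is an alarm point: 'alarm' when the threshold is crossed, otherwise 'ok'."""
    breached = value > threshold if higher_is_worse else value < threshold
    return "alarm" if breached else "ok"


def trend(metrics: Dict[str, Dict[str, float]], key: str) -> List[Tuple[str, float]]:
    """Period-over-period change of one metric; a negative value means it fell."""
    periods = sorted(metrics)
    return [(cur, round(metrics[cur][key] - metrics[prev][key], 2))
            for prev, cur in zip(periods, periods[1:])]


def kpi_report(text: str, sla_hours: float = 8.0,
               ttc_alarm_hours: float = 12.0, sla_alarm_pct: float = 70.0) -> Dict[str, Dict[str, object]]:
    """Metrics per reporting period plus the KPI verdict for each (thresholds are assumed)."""
    metrics = period_metrics(parse_incidents(text), sla_hours)
    report: Dict[str, Dict[str, object]] = {}
    for period, m in metrics.items():
        report[period] = dict(m)
        report[period]["ttc_kpi"] = evaluate_kpi(m["mean_ttc_hours"], ttc_alarm_hours)
        report[period]["sla_kpi"] = evaluate_kpi(m["pct_within_sla"], sla_alarm_pct,
                                                 higher_is_worse=False)
    return report


if __name__ == "__main__":
    for period, row in kpi_report(SAMPLE_INCIDENTS).items():
        print(period, row)
    print("mean_ttc_hours trend:",
          trend(period_metrics(parse_incidents(SAMPLE_INCIDENTS)), "mean_ttc_hours"))
```

Both metrics here are ones local management can influence (how fast the team contains what it detects), which is the point of slide 78; a count of malware families released industry-wide would aggregate just as easily but would not be a controllable KPI.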
82 Regulations and Standards The CISM must be aware of: National laws Privacy regulations Reporting and performance requirements Industry standards, e.g. Payment Card Industry (PCI), Basel II Added value on exam but not in the ISACA book
83 Effect of Regulations Requirements for business operations Potential impact of breach Cost Reputation Scheduled reporting requirements Frequency Format Added value on exam but not in the ISACA book
84 Reporting and Analysis Data gathering at source Accuracy Identification Reports signed by Organizational Officer Added value on exam but not in the ISACA book
More informationContinuous protection to reduce risk and maintain production availability
Industry Services Continuous protection to reduce risk and maintain production availability Managed Security Service Answers for industry. Managing your industrial cyber security risk requires world-leading
More informationSOC for cybersecurity
April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory
More informationManaging IT Risk: The ISACA Risk IT Framework. 1 st ISACA Day, Sofia 15 October Charalampos (Haris)Brilakis, CISA
Managing IT Risk: The ISACA Risk IT Framework Charalampos (Haris)Brilakis, CISA ISACA Athens Chapter BoD / Education Committee Chair Sr. Manager, Internal Audit, Eurobank (Greece) 1 st ISACA Day, Sofia
More informationCOURSE BROCHURE CISA TRAINING
COURSE BROCHURE CISA TRAINING What is CISA? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual within
More informationMNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term
More informationWhat is ISO ISMS? Business Beam
1 Business Beam Contents 2 Your Information is your Asset! The need for Information Security? About ISO 27001 ISMS Benefits of ISO 27001 ISMS 3 Your information is your asset! Information is an Asset 4
More informationInformation for entity management. April 2018
Information for entity management April 2018 Note to readers: The purpose of this document is to assist management with understanding the cybersecurity risk management examination that can be performed
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationIntroduction to ISO/IEC 27001:2005
Introduction to ISO/IEC 27001:2005 For ISACA Melbourne Chapter Technical Session 18 th of July 2006 AD Prepared by Endre P. Bihari JP of Performance Resources What is ISO/IEC 17799? 2/20 Aim: Creating
More informationAuditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC
Auditing and Monitoring for HIPAA Compliance HCCA COMPLIANCE INSTITUTE 2003 April, 2003 Presented by: Suzie Draper Sheryl Vacca, CHC 1 The Elements of Corporate Compliance Program There are seven key elements
More informationCISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. 22 Mar
Course Outline CISM - Certified Information Security Manager 22 Mar 2019 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led
More informationINFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK
INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationInformation Technology General Control Review
Information Technology General Control Review David L. Shissler, Senior IT Auditor, CPA, CISA, CISSP Office of Internal Audit and Risk Assessment September 15, 2016 Background Presenter Senior IT Auditor
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationROLE DESCRIPTION IT SPECIALIST
ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head
More informationUSING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES
WHITE PAPER USING QUALYSGUARD TO MEET SOX COMPLIANCE & IT CONTROL OBJECTIVES Table of Contents I. Overview II. COSO to CobIT III. CobIT / COSO Objectives met by using QualysGuard 2 3 4 Using QualysGuard
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22301 Lead Implementer www.pecb.com The objective of the Certified ISO 22301 Lead Implementer examination is to ensure that the candidate
More informationPREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice
PREPARING FOR SOC CHANGES AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice On May 1, 2017, SSAE 18 went into effect and superseded SSAE 16. The following information is here
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION
ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION Cathy Bates Senior Consultant, Vantage Technology Consulting Group January 30, 2018 Campus Orientation Initiative and Project Orientation Project
More informationThe HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information
The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,
More informationThe Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation. ISACA All Rights Reserved.
The Role of Public Sector Audit and Risk Committees in Cybersecurity & Digital Transformation Tichaona Zororo CIA, CISA, CISM, CRISC, CRMA, CGEIT, COBIT 5 Certified Assessor B.Sc. Honours Information Systems,
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationFunction Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments
Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments 1 ID.AM-1: Physical devices and systems within the organization are inventoried Asset Management (ID.AM): The
More informationAchilles System Certification (ASC) from GE Digital
Achilles System Certification (ASC) from GE Digital Frequently Asked Questions GE Digital Achilles System Certification FAQ Sheet 1 Safeguard your devices and meet industry benchmarks for industrial cyber
More informationCYBERSECURITY RISK ASSESSMENT
CYBERSECURITY RISK ASSESSMENT ACME Technologies, LLC Page 1 of 46 TABLE OF CONTENTS EXECUTIVE SUMMARY 3 ASSESSMENT SCOPE & CONTEXT 4 RISK ASSESSMENT SCOPE 4 RISK MANAGEMENT OVERVIEW 4 ENTERPRISE RISK MANAGEMENT
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationRisk: Security s New Compliance. Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23
Risk: Security s New Compliance Torsten George VP Worldwide Marketing and Products, Agiliance Professional Strategies - S23 Agenda Market Dynamics Organizational Challenges Risk: Security s New Compliance
More informationBusiness Continuity Management Standards A Side-by-Side Comparison
Business Continuity Standards A Side-by-Side Comparison By Brian Zawada (CBCP) & Jared Schwartz (CBCP) Whether your organization has begun a grassroots initiative to develop a business continuity plan
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationCertified in the Governance of Enterprise IT Training - Brochure
Certified in the Governance of Enterprise IT Training - Brochure Optimize the IT governance of your business increase its efficiency Course Name : CGEIT Training Certification Version : INVL_CGEIT_BR_1.0
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationADDING BUSINESS VALUE THROUGH EFFECTIVE IT SECURITY MANAGEMENT
ADDING BUSINESS VALUE THROUGH EFFECTIVE IT SECURITY MANAGEMENT 1 BY HUSSEIN K. ISINGOMA CISA,FCCA,CIA, CPA, MSC,BBS AG. ASSISTANT COMMISSIONER/INTERNAL AUDIT MINISTRY OF FINANCE, PLANNING AND ECONOMIC
More informationSAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010
JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationCertified in Risk and Information Systems ControlTM Certification Training - Brochure
Certified in Risk and Information Systems ControlTM Certification Training - Brochure Manage IT risks to control Information Systems effectively Course Name : CRISC Certification Training Version : INVL_CRISC_BR_1.0
More informationAutomating the Top 20 CIS Critical Security Controls
20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises
More informationGOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles
More informationCERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS
CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS Good IT governance is a key element of a well-performing enterprise. Enterprises need qualified information
More informationApex Information Security Policy
Apex Information Security Policy Table of Contents Sr.No Contents Page No 1. Objective 4 2. Policy 4 3. Scope 4 4. Approval Authority 5 5. Purpose 5 6. General Guidelines 7 7. Sub policies exist for 8
More informationCloud First Policy General Directorate of Governance and Operations Version April 2017
General Directorate of Governance and Operations Version 1.0 24 April 2017 Table of Contents Definitions/Glossary... 2 Policy statement... 3 Entities Affected by this Policy... 3 Who Should Read this Policy...
More informationPOSITION DESCRIPTION
UNCLASSIFIED IT Security Certification Assessor POSITION DESCRIPTION Unit, Directorate: Location: IT & Physical Security, Protective Security Wellington Salary range: H $77,711 - $116,567 Purpose of position:
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationInternet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin
Internet of Things Internet of Everything Presented By: Louis McNeil Tom Costin Agenda Session Topics What is the IoT (Internet of Things) Key characteristics & components of the IoT Top 10 IoT Risks OWASP
More informationDoes a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?
Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,
More informationIT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)
DESIGNATION Reporting to Division Office Location IT MANAGER PERMANENT SALARY SCALE: P07 (R806 593.00) Ref:AgriS042/2019 Information Technology Manager CEO Information Technology (IT) Head office JOB PURPOSE
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) 1. Domain 1 The Process of Auditing Information Systems Provide audit services in accordance with IT audit standards to assist the organization in protecting
More informationEXIN Expert in IT Service Management based on ISO/IEC Preparation Guide
EXIN Expert in IT Service Management based on ISO/IEC 20000 Preparation Guide Edition June 2016 Copyright 2016 EXIN All rights reserved. No part of this publication may be published, reproduced, copied
More information